topic Re: Global Protect w/ OTP RE: disconnect/recovery timer tolerance? in General Topicshttps://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74673#M41754
<P>I see what you're saying, but from a usability standpoint, their must be some tolerance for poor connections. Imagine working, and every 10 mins or less you need to reconnect. It's one thing from home where you can work towards improving your connection, but when you are on the go and have no control of the hotel WiFi etc.</P>Mon, 14 Mar 2016 17:10:55 GMTpwebber2016-03-14T17:10:55ZGlobal Protect w/ OTP RE: disconnect/recovery timer tolerance?https://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74661#M41748
<P>We have implimented Global Protect with radius authentication, username/password and a second prompt for OTP,&nbsp;this works great most of the time.</P>
<P>&nbsp;</P>
<P>We have noticed that when our users connect from poor&nbsp;WiFi, or internet connections, there are times where connections drops out momentairly. This results in Global Protect disconnecting. The user then needs to re-authenticate. This is challeneging since our last remote access solution relied on certificates, which automatically re-authenticated without the users involvment. Is there a timer in Global Protect to buid some tolerance into the VPN connection before it disconnects? Any other workaround to solve this issue?</P>
<P>&nbsp;</P>
<P>Thanks!</P>Mon, 14 Mar 2016 15:21:58 GMThttps://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74661#M41748pwebber2016-03-14T15:21:58ZRe: Global Protect w/ OTP RE: disconnect/recovery timer tolerance?https://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74664#M41750
<P>If the internet connect drops then the global protect will surely disconnect. It is like if we login into some&nbsp;bank website and if we disconnect and connect back the bank website will throw ssl error.</P>Mon, 14 Mar 2016 16:13:01 GMThttps://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74664#M41750pankaku2016-03-14T16:13:01ZRe: Global Protect w/ OTP RE: disconnect/recovery timer tolerance?https://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74673#M41754
<P>I see what you're saying, but from a usability standpoint, their must be some tolerance for poor connections. Imagine working, and every 10 mins or less you need to reconnect. It's one thing from home where you can work towards improving your connection, but when you are on the go and have no control of the hotel WiFi etc.</P>Mon, 14 Mar 2016 17:10:55 GMThttps://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74673#M41754pwebber2016-03-14T17:10:55ZRe: Global Protect w/ OTP RE: disconnect/recovery timer tolerance?https://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74728#M41772
<P>Is OTP requirement?</P>
<P>Maybe you can go with password and client certificate (that you enroll with your AD certificate server).</P>
<P>In this case even if password gets loose then client side certificate will keep bad guys out.</P>Tue, 15 Mar 2016 12:58:46 GMThttps://live.paloaltonetworks.com/t5/general-topics/global-protect-w-otp-re-disconnect-recovery-timer-tolerance/m-p/74728#M41772Raido2016-03-15T12:58:46Z